IPsec lifetime

kzhen · ‎01-30-2008

Hi, how can I find the L2L phase II lifetime in ASA?

Thank you!

fortis123 · ‎01-30-2008

AQre you looking for the times showed with this command..?

ASA# sh vpn-sessiondb l2l

< >

Login Time : 06:21:40 EST Mon Jan 28 2008

Duration : 2d 8h:36m:46s

< >

hth

MS

kzhen · ‎01-30-2008

I am looking for IPSec lifetime.

srue · ‎01-31-2008

sh running-config all | inclu lifetime

If you haven't defined any explicit lifetimes, the defaults will be visible in the output of that command.

Keep in mind, when bringing up a vpn, if two peers differ on lifetimes, they will negotiate on the lowest lifetime of the initiator - at least when peering with Cisco equipment. With non-Cisco peers, you should make sure lifetimes match up.

cisco24x7 · ‎01-31-2008

VXR7206_1#sh crypto ipsec profile

IPSEC profile VPN

Stateful HA configured, group EXTERNAL

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={

aes256,

aes192,

aes,

3dessha,

3desmd5,

}

IPSEC profile sso

Security association lifetime: 4608000 kilobytes/3600 seconds

PFS (Y/N): N

Transform sets={

test,

}

VXR7206_1#sh crypto ipsec security

Security association lifetime: 4608000 kilobytes/3600 seconds

VXR7206_1#

CCIE Security

srue · ‎02-01-2008

cisco24x7 ,

those commands don't work on the ASA's.